# Assess Vendor Risk and Due Diligence

Sprinto enables you to assess vendor risk through configurable risk scoring, risk mapping, Risk Pulse insights, and guided due diligence workflows.

These workflows help organisations:

* Identify high-risk vendors
* Understand vendor security posture
* Map operational and compliance risks
* Perform due diligence reviews
* Maintain audit-ready evidence

Vendor risk assessment combines:

* Manual risk classification
* Risk mapping
* Sprinto Risk Pulse analysis
* Due diligence review workflows

***

### How it Works

#### Access a Vendor

1. Log in to the **Sprinto dashboard**.
2. Navigate to **Data Library**.
3. Select **Vendors**.
4. Open the **All vendors** tab.
5. Select the vendor you want to assess.

<figure><img src="/files/lrsEDC1s9AkRqL0byaBi" alt="" width="563"><figcaption></figcaption></figure>

***

#### Open the Risk Tab

Inside the vendor profile:

1. Navigate to the **Risk** tab.

You will now see two sections:

* **Your classification**
* **Sprinto’s risk pulse**

<figure><img src="/files/FPSM7aS8BOxUMJzuEpUh" alt="" width="563"><figcaption></figcaption></figure>

***

### Key Behaviours and Limits

* Sprinto automatically calculates the vendor risk score from configured risk factors.
* Any **Add value** action opens the full scoring drawer containing all risk factors.
* Risk mappings can be edited at any time.
* Risk Pulse is continuously monitored and updated automatically.
* High-risk vendors may require due diligence workflows depending on configuration.

***

### Use Cases

<table><thead><tr><th width="202.0859375">Use Case</th><th width="465.17578125">Description</th></tr></thead><tbody><tr><td>Vendor onboarding</td><td>Assess vendor risk before onboarding</td></tr><tr><td>Risk governance</td><td>Classify vendor risks using organisational scoring models</td></tr><tr><td>Risk mapping</td><td>Associate vendors with operational or compliance risks</td></tr><tr><td>Compliance reviews</td><td>Review vendor posture during audits and assessments</td></tr><tr><td>Continuous monitoring</td><td>Use Risk Pulse to monitor vendor security posture</td></tr></tbody></table>

***

### Dashboard Actions

#### Score Vendor Risk

Sprinto calculates vendor risk using configured risk factors.

**Add Risk Factor Values**

1. Open the vendor profile.
2. Go to the **Risk** tab.
3. Under **Your classification**, locate the required risk factor.
4. Click **Add value**.

<figure><img src="/files/Adny9iy8w6y9bXzqJjAe" alt="" width="563"><figcaption></figcaption></figure>

A drawer opens containing all configured risk factors.

***

#### Configure Risk Factors

Inside the drawer:

1. Expand each risk factor section.
2. Select the required value or response.
3. Continue until all mandatory risk factors are completed.

Examples include:

* Access rights
* Personal and sensitive data
* Data location and handling
* Data retention
* Vendor tier
* Operational impact

Sprinto automatically calculates:

* Risk scores per factor
* Total vendor risk score
* Auto-computed risk level

<figure><img src="/files/rbqruwtAPPaV6SSMsdvM" alt="" width="563"><figcaption></figcaption></figure>

***

#### Save Risk Scoring

After configuring all required values:

1. Click **Save changes**.

<figure><img src="/files/JuaVYKRxv5BJx2oxjz8o" alt="" width="563"><figcaption></figcaption></figure>

The vendor risk score is updated.

***

#### Edit Existing Risk Scores

To modify existing scores:

1. Go to the **Risk** tab.
2. Click the **Edit** icon next to any scored risk factor.

<figure><img src="/files/6Kr3ihDUqxYx8RhUfIlD" alt="" width="563"><figcaption></figcaption></figure>

3. Click **Save changes** after configuring all required values.

The scoring drawer opens again and allows you to:

* Modify factor values
* Recalculate vendor scores

***

### Map Risks to a Vendor

You can associate risks from the risk register with a vendor.

#### Add Risk Mapping

1. Go to the **Risk** tab.
2. Under **Map risks to vendor**, click **Add risks**.

<figure><img src="/files/hI1vH6P6MIQGxZZOhl4V" alt="" width="563"><figcaption></figcaption></figure>

A drawer opens showing:

* Risk categories
* Available risks
* Search functionality

***

#### Select Risks

1. Select a risk category.
2. Search or browse available risks.
3. Select the required risks using the checkboxes.

Selected risks appear in:

* **Selected risks for mapping**

<figure><img src="/files/n6lKG78e4InSML46RDqN" alt="" width="563"><figcaption></figcaption></figure>

***

#### Save Risk Mapping

1. Click **Save mapping**.

Mapped risks now appear under:

* **Mapped risks to vendor**

***

#### Edit Risk Mapping

To modify mappings:

1. Click **Edit** in the mapped risks section.

<figure><img src="/files/Xe9sUmIPO5lj4m3hgWQx" alt="" width="563"><figcaption></figcaption></figure>

2. Add or remove risks as required.
3. Click **Save mapping** to save the changes.

<figure><img src="/files/Ad2UXROmlMNoHnyDiowa" alt="" width="563"><figcaption></figcaption></figure>

***

### Review Sprinto Risk Pulse

Sprinto Risk Pulse provides continuously monitored vendor posture insights.

#### Access Risk Pulse

1. Open the vendor profile.
2. Navigate to the **Risk** tab.
3. Open **Sprinto’s risk pulse**.

<figure><img src="/files/zDL9oxUWucIeLLASixMo" alt="" width="563"><figcaption></figcaption></figure>

Risk Pulse combines:

* Security signals
* Compliance posture
* Operational indicators
* Continuously monitored risk data

***

#### Review Compliance and Certifications

Risk Pulse displays:

* Compliance certifications
* Security posture indicators
* Regulatory alignment
* Operational signals

Examples include:

* SOC 2 Type II
* ISO 27001
* ISO 27701
* ISO 42001
* GDPR
* HIPAA
* CCPA / CPRA
* EU AI Act
* DPA availability

Sprinto also calculates:

* **Risk Pulse score**
* Associated risk level

***

### Perform Vendor Due Diligence

Due diligence is generally required for high-risk vendors.

#### Start Due Diligence

1. Open the vendor profile.
2. Go to the **Due diligence** tab.
3. Click **Perform due diligence**.

<figure><img src="/files/GCoIUOnBb5TqFytcvdXx" alt="" width="563"><figcaption></figcaption></figure>

***

#### Upload Security Documents

1. Click **Choose documents** to select the documents to upload.

<figure><img src="/files/YdByTlCdekrSvy9sF0wf" alt="" width="563"><figcaption></figcaption></figure>

You can:

* Upload compliance reports
* Request documents from vendors
* Review uploaded evidence

Examples include:

* SOC reports
* ISO certifications
* Security assessments
* DPA documents

<figure><img src="/files/3nT1imrBSeMunRtLbGkw" alt="" width="563"><figcaption></figcaption></figure>

2. Click **Save** to save your configuration.

***

#### Complete Due Diligence

Under **Review vendor documents and complete due diligence**:

Select either:

* **Vendor meets necessary security requirements**
* **Manually review vendor documents and add notes**

If manually reviewing:

* Add findings or review notes

Once complete:

1. Click **Complete due diligence**.

<figure><img src="/files/pH1Kp13MlGkOPD7wYWm8" alt="" width="563"><figcaption></figcaption></figure>

***

### Summary

Sprinto enables organisations to assess vendor risk through configurable scoring models, mapped risks, Risk Pulse analysis, and due diligence workflows.

Together, these features help organisations:

* Understand vendor security posture
* Identify high-risk vendors
* Maintain audit-ready evidence
* Continuously monitor third-party risk exposure


